Join Our Security Mission.

Claim Your Bounty 💻🛡️

Report Vulnerabilities. Secure Payouts. Rewarding Collaboration.

Help improve our security.

(while earning rewards for your efforts)

Join our Bug Bounty Program and earn competitive rewards for every verified security vulnerability you report. There's no cap on the bounty - the better the find, the bigger the reward!

Join Waiting List

Secure The Net 🌐.

Earn Rewards for Vulnerability Reports

Contribute to our robust security by identifying potential vulnerabilities. Partner with us for a safer web experience and benefit from a rewarding bug bounty program designed with the expertise of the cybersecurity community.

Bounties Paid via PayPal

Hassle-free payments through secure channels

Regular Payout Schedule

Rewards disbursed on a quarterly basis

Earn Rewards for Finding Vulnerabilities

Monetary rewards for contributing to security improvements

Community Recognition

Credit for significant findings in the security community

Public Acknowledgement

Public recognition for researchers who wish to be recognized

Support from the Mixo Team

Dedicated support from the Mixo team
Join Waiting List


What rewards can I expect from reporting a vulnerability?
The reward for reporting a bug can range greatly depending on the severity and impact of the vulnerability. We use the industry-standard CVSS (Common Vulnerability Scoring System) to classify the severity and assign rewards accordingly.
Is there any public recognition for researchers?
Yes, we value the effort of security researchers and provide public acknowledgment for those who wish to be recognized. We include their names or aliases in our Hall of Fame, with their consent.
How do I report a potential security vulnerability?
To report a vulnerability, please follow the guidelines outlined on our Bug Bounty Program policy page and email us the detailed information at
What types of vulnerabilities are eligible for a reward?
Vulnerabilities that are considered eligible for a reward typically include, but are not limited to:
  • Critical web application security issues such as Cross-Site Scripting (XSS), SQL Injection, and Authentication flaws
  • Server-side code execution bugs
  • Significant security misconfigurations
We do not reward for low-impact findings such as clickjacking, self-XSS, or issues only affecting outdated user agents or platforms.
How long does it take to get a reward after reporting a bug?
The time to review your submission and issue a reward varies depending on the complexity and severity of the bug. Once the report has been reviewed and validated, we strive to process rewards promptly.
Can I disclose the bug publicly?
We request that all researchers engage in responsible disclosure. Public disclosure of the vulnerability is only permissible after we have confirmed that it has been remediated, and with express consent from Mixo.
What happens if someone else reports the bug before me?
Bounties are awarded on a first-come, first-serve basis. If a reported issue is already known to us or has been reported by someone else, we unfortunately cannot award a second bounty for the same issue.